add hybrid/swarm config option

docker · Jul 11, 2017 · 06500bd · 06500bd
1 parent d1b721f
commit 06500bd
Showing 2 changed files with 43 additions and 20 deletions.
diff --git a/bin/syncFilesToAllSwarmNodes.sh b/bin/syncFilesToAllSwarmNodes.sh
@@ -1,23 +1,14 @@
 #!/bin/bash
+#
+# This script will sync specified directories of files to all nodes in the docker swarm.
+# It must be run from a/the manager node.
+#
 
-#ensure dig is avail
-command -v dig >/dev/null 2>&1 || { echo >&2 "ERROR: dig is required, but doesn't appear to be installed.  Aborting..."; exit 1; }
-
-#ensure sed is avail
-command -v sed >/dev/null 2>&1 || { echo >&2 "ERROR: sed is required, but doesn't appear to be installed.  Aborting..."; exit 1; }
-
-#ensure awk is avail
-command -v awk >/dev/null 2>&1 || { echo >&2 "ERROR: awk is required, but doesn't appear to be installed.  Aborting..."; exit 1; }
-
-#ensure scp is avail
-command -v scp >/dev/null 2>&1 || { echo >&2 "ERROR: scp is required, but doesn't appear to be installed.  Aborting..."; exit 1; }
-
-#ensure realpath is avail
-command -v realpath >/dev/null 2>&1 || { echo >&2 "ERROR: realpath is required, but doesn't appear to be installed.  Aborting..."; exit 1; }
 
 IDfile=`realpath $4`
 
 
+
 DisplayUsage()
 {
   echo "Usage:"
@@ -71,7 +62,7 @@ fi
 pushd $1 > /dev/null
 
 
-#check if specified config dir contains (some of) the needed sub-directories
+#check if specified config dir contains the needed sub-directories
 if ! [ -d "$PWD/config/shib-idp/conf" ]; then
   echo "ERROR: the specified directory does not appear to contain a valid IdP config structure, terminating."
   exit 1
@@ -83,7 +74,6 @@ fi
 
 
 # transfer files
-#
 # get list of other nodes in the swarm
  for n in `docker node ls | sed -n '1!p' | cut -f 1 -d ' '`; do
   #echo $n

diff --git a/configBuilder.sh b/configBuilder.sh
@@ -290,10 +290,10 @@ echo ""
 echo "Would you like your Shibboleth IdP containers to utilize a "
 echo "Shibboleth config which has been \"burned\" (copied) into each "
 echo "container, or would you like your IdP containers to instead "
-echo "mount their configuration from the container host's local filesystem?"
+echo "mount their configuration from the container host's local filesystem or would you like to use a hybrid config utilizing secrets?"
 echo ""
 while [ ${BURNMOUNT} == "None" ]; do
-    echo -n "Please select your choice (please enter either \"burn\" or \"mount\"): "
+    echo -n "Please select your choice (please enter either \"burn\" or \"mount\" or \"hybrid\"): "
     read response
     case $response in
         Mount|mount|M|m)
@@ -302,8 +302,11 @@ while [ ${BURNMOUNT} == "None" ]; do
 		Burn|burn|B|b)
 			BURNMOUNT=burn
 			;;
+        Hybrid|hybrid|H|h)
+            BURNMOUNT=hybrid
+            ;;
 		*)
-			echo "You must choose either \"burn\" or \"mount\"."
+			echo "You must choose either \"burn\" or \"mount\" or \"hybrid\"."
     esac
 done
 #echo "Burn/Mount option choice is: $BURNMOUNT"
@@ -466,7 +469,7 @@ sed -f docker_edit.sed Dockerfile.dist > Dockerfile
 rm -f docker_edit.sed
 
 
-if [ ${BURNMOUNT} == "burn" ]; then
+if [ ${BURNMOUNT} == "burn" ] || [ ${BURNMOUNT} == "hybrid" ]; then
   echo "Configuring Docker for burned-in configuration."
 
   mv -f Dockerfile Dockerfile.setup
@@ -500,6 +503,36 @@ command -v zip >/dev/null 2>&1 || { echo >&2 "ERROR: zip is required, but doesn'
 FILENAME=./shib-idp-config_`date +%m%d%Y-%H%M%S`.zip
 zip -r ${FILENAME} ./* > /dev/null
 
+
+# if the user chose a hybrid config, then generate a directory containing the config with secrets removed
+# copy files
+echo ""
+echo "Creating sanitized config for hybrid build..."
+echo ""
+destPath=./ConfigNoSecrets
+cp -rf `realpath ${PWD}`/. $destPath >/dev/null 2>>/dev/null
+
+# remove secrets
+mv -f $destPath/config/shib-idp/conf/idp.properties $destPath/SECRETS/idp.properties > /dev/null
+mv -f $destPath/config/shib-idp/conf/ldap.properties $destPath/SECRETS/ldap.properties > /dev/null
+mv -f $destPath/credentials/shib-idp/sealer.jks $destPath/SECRETS/sealer.jks > /dev/null
+mv -f $destPath/credentials/shib-idp/sealer.kver $destPath/SECRETS/sealer.kver > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-signing.key $destPath/SECRETS/idp-signing.key > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-signing.crt $destPath/SECRETS/idp-signing.crt > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-encryption.key $destPath/SECRETS/idp-encryption.key > /dev/null
+mv -f $destPath/credentials/shib-idp/idp-encryption.crt $destPath/SECRETS/idp-encryption.crt > /dev/null
+mv -f $destPath/config/shib-idp/conf/relying-party.xml $destPath/SECRETS/relying-party.xml > /dev/null
+mv -f $destPath/config/shib-idp/conf/attribute-filter.xml $destPath/SECRETS/attribute-filter.xml > /dev/null
+mv -f $destPath/config/shib-idp/conf/attribute-resolver.xml $destPath/SECRETS/attribute-resolver.xml > /dev/null
+mv -f $destPath/config/shib-idp/conf/metadata-sources.xml $destPath/SECRETS/metadata-sources.xml > /dev/null
+
+echo ""
+echo Your secrets were removed from the main config and stored in $destPath/SECRETS
+echo ""
+
+
+
+
 ############################################################################################################################
 ### notify user of next steps (docker build and docker run commands, based on burn/mount and chosen directory locations) ###
 ############################################################################################################################